A browser that claims to be a mobile version of the Tor software has been detected, but it is reportedly riddled with malware.
According to a discussion on the Tor Project website, the Tor Browser in the Apple App Store is fake. One user claimed “it’s full of adware and spyware”, and a move to have it removed has been mooted.
A mobile researcher told IT Security Guru that the malware was mainly adware that uses location to display apps. Research by Malwarebytes said that the fake app was first reported to Apple in December, with Apple responding that they are going to give the developer “a chance to defend their app.”
However, Malwarebytes said that the app was not developed by Tor but was using Tor’s name to get installs, and that the description fails to mention that it is not affiliated with the Tor Project. Malwarebytes security researcher Christopher Boyd said that it was hard to say exactly what is in the bundle at this stage, as there is little to no information on what the users felt to be “adware and spyware” in the version of Tor that they downloaded.
“Tor will always be a great target for scammers as the recent NSA privacy revelations continue to encourage end-users to move towards more private methods of communication and browsing. In general, we see more examples of problematic apps on the Play store and elsewhere though,” he said.
David Harley, senior research fellow at ESET, told IT Security Guru that while he had not seen or tested the app, he got the impression that the problem may be that the app doesn’t seem to be out-and-out malware.
He said: “It does seem to contain adware functionality, but that isn’t – unfortunately, perhaps – illegitimate in itself, and there are plenty of apps that contain ‘ad’ content that are generally considered to be legit, or greyware at worst. It’s also been described as having spyware functionality, but I’m not sure what this consists of, though I have to say that what I’d regard as spyware would certainly bring it into the malware category.
“I’m not saying it’s much ‘appdo’ about nothing, but Apple’s comparative reticence in this case is in stark contrast to its decisive action in earlier cases where Apple has perceived a threat to its customer’s privacy or its own reputation: for example, the app by Daniel Amitay, and some of the work of Charlie Miller. That may suggest a more cautious approach to app regulation, but it might simply suggest that the company doesn’t see the app as the dramatic threat described by Trac.”
A notice on the Tor discussion board revealed that Apple had removed the app from the App Store.
TK Keanini, CTO of Lancope, said that the authors already operate behind Tor networks for their marketplaces and commerce, and that it is only natural for them to move their other operations there too.
“The level of innovation in the threat environment is sadly outpacing the defensive innovation. I’m not placing the blame here on vendors, I’m talking about the fact that everything on the defensive side has to change which means customers, regulators, the entire defensive ecosystem,” he said.